PT-2022-27476 · Yith · Yith Woocommerce Gift Cards

Dave Jong · Published 2022-12-06 · Updated 2022-12-28 · CVE-2022-45359

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Gift Cards premium plugin, versions 3.19.0 and earlier

Description: The YITH WooCommerce Gift Cards premium plugin for WordPress contains an unauthenticated arbitrary file upload vulnerability: visitors with no account at all can upload files to the site, which can lead to full site compromise. The plugin is installed on more than 50,000 sites, and the flaw has been exploited in the wild to upload backdoors, achieve Remote Code Execution (RCE) and take over sites. The root cause is the plugin's import-from-settings-panel routine (the `import_actions_from_settings_panel` function), which is attached to the `admin_init` hook and performs neither a nonce (CSRF) check nor a capability check before handling the uploaded file. Because `admin_init` is fired for unauthenticated requests to /wp-admin/admin-post.php as well, an attacker can send a crafted POST request to that endpoint and have a malicious PHP file written to the site. File names observed in attacks include kon.php, 1tes.php, b.php and admin.php.

Recommendations: For YITH WooCommerce Gift Cards premium plugin versions 3.19.0 and earlier, update to version 3.21.0, which resolves the issue. If updating is not immediately possible, restrict access to the import routine and to the /wp-admin/admin-post.php endpoint (for example, limit it to authenticated users or known IP ranges at the web server or WAF level); note that other plugins legitimately use admin-post.php for form handling, so blocking it outright can break functionality. Monitor access logs for unexpected POST requests to /wp-admin/admin-post.php from unknown IP addresses, and check wp-content/uploads and other writable directories for recently added PHP files, including the names listed above.
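The two paragraphs above describe the bug class (an `admin_init` handler that moves an uploaded file without verifying who sent it) and the fix (authorisation, nonce and file-type checks). The block below is an added illustration of that pattern and its hardened form; it is not the YITH plugin's code. The function names, the `example_import_action` POST field, the `file_import_csv` field name, the nonce action name, the `manage_woocommerce` capability and the `example_process_gift_card_rows` routine are all assumptions chosen for the example.

```php
<?php
/**
 * Illustrative reconstruction of the bug class behind CVE-2022-45359.
 * NOT the YITH plugin's code: every name below is an assumption for the example.
 */

// --- Vulnerable pattern ---------------------------------------------------
// admin_init runs for every request that loads the admin bootstrap, and
// /wp-admin/admin-post.php fires it before it checks whether anyone is logged
// in. Nothing here asks who is posting or whether a nonce was sent, so any
// visitor can upload "b.php" and have it written into a web-served directory.
add_action( 'admin_init', 'example_import_actions_from_settings_panel_vulnerable' );

function example_import_actions_from_settings_panel_vulnerable() {
	if ( ! isset( $_POST['example_import_action'] ) || empty( $_FILES['file_import_csv'] ) ) {
		return;
	}
	$upload_dir = wp_upload_dir();
	// Attacker-controlled file name and no extension check.
	$target = trailingslashit( $upload_dir['basedir'] ) . basename( $_FILES['file_import_csv']['name'] );
	move_uploaded_file( $_FILES['file_import_csv']['tmp_name'], $target );
}

// --- Hardened pattern -----------------------------------------------------
add_action( 'admin_init', 'example_import_actions_from_settings_panel_fixed' );

function example_import_actions_from_settings_panel_fixed() {
	if ( ! isset( $_POST['example_import_action'] ) || empty( $_FILES['file_import_csv'] ) ) {
		return;
	}

	// 1. Capability check: anonymous visitors and low-privilege users stop here.
	if ( ! current_user_can( 'manage_woocommerce' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}

	// 2. CSRF check: the settings form must carry a nonce bound to this action
	//    and to the current user. check_admin_referer() dies on failure.
	check_admin_referer( 'example_import_settings', 'example_import_nonce' );

	// 3. Upload sanity: reject PHP-level upload errors and anything that is not
	//    a file PHP itself received in this request.
	$file = $_FILES['file_import_csv'];
	if ( UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
		wp_die( 'Upload failed.', '', array( 'response' => 400 ) );
	}

	// 4. Type allow-list: only .csv is acceptable. wp_check_filetype_and_ext()
	//    compares the extension against the allowed list and, where it can,
	//    against the MIME type detected from the file contents.
	$check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], array( 'csv' => 'text/csv' ) );
	if ( 'csv' !== $check['ext'] || 'text/csv' !== $check['type'] ) {
		wp_die( 'Only .csv files are accepted.', '', array( 'response' => 400 ) );
	}

	// 5. Parse in place and discard. The import never needs the file on disk,
	//    so nothing is written under a web-served directory at all.
	$handle = fopen( $file['tmp_name'], 'r' );
	if ( false === $handle ) {
		wp_die( 'Unable to read upload.', '', array( 'response' => 400 ) );
	}
	$rows = array();
	while ( ( $row = fgetcsv( $handle ) ) !== false ) {
		$rows[] = array_map( 'sanitize_text_field', $row );
	}
	fclose( $handle );

	example_process_gift_card_rows( $rows ); // assumed import routine, not shown
}
```

The order of the checks matters: the capability test runs before anything touches `$_FILES`, and the nonce test runs before any file is opened, so an unauthenticated POST to admin-post.php is rejected at step 1 without the handler ever reading the upload. Step 5 removes the remaining attack surface by never persisting the file; if an import genuinely must be stored, write it outside the document root or under a directory where PHP execution is disabled.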

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2022-45359

Affected Products

Yith Woocommerce Gift Cards